Results 1 to 3 of 3

Thread: EMET 4.1 simExecFlow Share/Save - My123World.Com!

  1. #1

    EMET 4.1 simExecFlow

    Hi,
    i have taken a target that is known to have a metaspliot module and it's a stack buffer overflow the only difference is that i use on it just RoP protections to see if i can still bypass all the mitigation
    when i want to use LoadLibrary API from an existing function that call it EMET get me .. but when i use an also hooked by EMET API called CreateFileA and i use it via an existing function i successfully
    call this API without triggering EMET..

    does anyone have ideas about why EMET is still getting me even though i have called a LoadLibrary via an existing sub that use it ?

  2. #2
    May be this new documentation on bypassing EMET help you

    http://bromiumlabs.files.wordpress.c...g-emet-4-1.pdf
    The three great essentials to achieve anything worth while are: Hard work, Stick-to-itiveness, and Common sense. - Thomas A. Edison
    __________________________________________________ _____________________

  3. #3
    Namaste
    Any module you try to load from outside world; most of av engines and emet are going to catch it.

    ..."vinnu"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •